Block Office 365 Sign-In Based on an On-Premises Active Directory Security Group
The purpose of this guide is to assist support staff in blocking access for multiple accounts that have been compromised.
To get started, log in to the Azure Active Directory portal: https://portal.azure.com
1. From the main menu, click Azure Active Directory on the left-hand side.
2. From the Azure Active Directory menu, click Conditional Access.
3. From the Conditional Access menu, click New Policy.
4. From the New Policy menu, provide a name for the new policy (Deny_SignIn). Then click Assignments and select an on-premises security group.
5. Click Cloud apps and then select All Cloud Apps.
6. Click Access Controls and then click Block access.
7. Finally, click Enable Policy and then click Save.
8. You will be directed back to the main menu, where you can view the newly created policy and its status.
Once the new policy has been applied, users who try to sign in will see the following screen.
The user will see the following screen after the sign-in page.
The user will have no access to any cloud application in the company tenant.
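The same policy can be created from a script when the portal is not practical during an incident. This is an added example, not part of the original guide: it uses the Microsoft Graph PowerShell module, and the group name `Blocked-SignIn` is a hypothetical placeholder for your synced on-premises security group.

```powershell
# Added example: scripted equivalent of portal steps 1-7 (not from the original guide).
# Requires the Microsoft.Graph PowerShell module.
$GroupName  = 'Blocked-SignIn'   # hypothetical name of the synced on-premises security group
$PolicyName = 'Deny_SignIn'      # policy name used in step 4

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Application.Read.All', 'Group.Read.All'

# Resolve the group and make sure the name matches exactly one security group,
# so the block cannot land on an unintended set of users.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'" `
           -Property Id, DisplayName, SecurityEnabled, OnPremisesSyncEnabled)
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($group.Count)."
}
if (-not $group[0].SecurityEnabled) {
    throw "'$GroupName' is not a security group."
}
if (-not $group[0].OnPremisesSyncEnabled) {
    Write-Warning "'$GroupName' is not synced from on-premises Active Directory."
}

# Refuse to create a second policy with the same display name.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
            Where-Object { $_.DisplayName -eq $PolicyName }
if ($existing) {
    throw "A Conditional Access policy named '$PolicyName' already exists."
}

# Steps 4-7: assign the group, target all cloud apps, block access, enable the policy.
$policy = @{
    displayName   = $PolicyName
    state         = 'enabled'
    conditions    = @{
        users          = @{ includeGroups = @($group[0].Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Step 8: confirm the policy and its status.
$created | Select-Object Id, DisplayName, State
```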